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In the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1-36. (Canceled) 

37. (Currently Amended) A hardware-containing apparatus for mediating in 
management orders between a plurality of origin managing devices and a plurality of 
managed devices in a telecommunications system, the management orders intended to 
execute management operations over the managed devices, comprising: 

a communication receiver component arranged to receive a management order 
from one of the origin managing devices; 

a management verifier component arranged to determine whether the received 
management order is an allowed management order by checking whether content of the 
received management order fits on aoooss ottributo access attributes comprised in a 
manag e ment acc e ss tomp l ato, tho management access template b e ing on e s e l e cted 
from th e group cons i st i ng of: a first management access template in relationship with an 
identifier of the origin managing device[[;]k a second management access template in 
relationship with an identifier of a managed data object affected by the management 
order[[;]],,, and a third management access template in relationship with an identifier of a 
managed device affected by the management order; 

a communication sender component arranged to send an allowed management 
order to a managed device; and 

the hardware-containing apparatus is interposed between the plurality of origin 
managing devices and the plurality of managed devices so as to receive management 
orders from the plurality of origin managing devices and issue allowed management 
orders to the plurality of managed devices. 

38. (Previously Presented) The apparatus of claim 37, wherein the first 
management access template further comprises at least one access attribute selected 
from the group consisting of: an identifier of an allowed management operation; an 
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identifier of an allowed managed data object; a pattern structure of the managed data 
object; an identifier of an allowed managed device; an identifier of an allowed 
management operation over an allowed managed device; and an identifier of an 
allowed management operation over an allowed managed data object. 

39. (Previously Presented) The apparatus of claim 37, wherein the second 
management access template further comprises at least one access attribute selected 
from the group consisting of: a pattern structure* of the managed data object; an 
identifier of an allowed management operation; an identifier of a managed device 
holding the managed data object; an identifier of an allowed origin managing device; an 
identifier of an allowed management operation from an allowed origin managing device; 
and an identifier of an allowed management operation over a holding managed device. 

40. (Previously Presented) The apparatus of claim 37, wherein the third 
management access template comprises at least one access attribute selected from the 
group consisting of: an identifier of an allowed management operation; an identifier of a 
managed data object held on the managed device; an identifier of an allowed origin 
managing device; an identifier of an allowed management operation from an allowed 
origin managing device; and an identifier of an allowed management operation over a 
held managed data object. 

41. (Previously Presented) The apparatus of claim 37, wherein the 
management verifier component is arranged to determine, from the identifier of a 
management operation, at least one identifier, the identifier being one selected from the 
group consisting of: an identifier of a managed data object affected by the operation; 
and an identifier of a managed device, affected by the operation. 

42. (Previously Presented) The apparatus of claim 37, wherein the 
management verifier component is arranged to select a management access template, 
among the first, second, and third management templates, according to an identifier 
received in a management order. 
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43. (Previously Presented) The apparatus of claim 42, wherein the 
management verifier component is arranged to select a management access template, 
among the first, second, and third management templates, according to an access 
attribute comprised in another selected management access template. 

44. (Previously Presented) The apparatus of claim 42, wherein the identifier of 
the origin managing device comprises at least one identifier selected from the group 
consisting of: an identifier of a management server sending a management order; and 
an identifier of a user operating the management server; and 

wherein the management verifier component is arranged to select the first 
management access template according to the at least one identifier. 

45. (Previously Presented) The apparatus of claim 42, wherein the identifier of 
the origin managing device comprises at least one identifier selected from the group 
consisting of: an identifier of a management server sending a management order; and 
an identifier of a user operating the management server; and wherein the management 
verifier component is arranged to authenticate the at least one identifier. 

46. (Previously Presented) The apparatus of claim 42, wherein the 
management verifier component is arranged to determine a management role 
associated to at least one identifier, the identifier being one selected from the group 
consisting of: an identifier of a management server sending a management order; and 
an identifier of a user operating the management server. 

47. (Previously Presented) The apparatus of claim 46, wherein the 
management verifier component is further arranged to select at least one management 
access template in relationship with the role. 

48. (Previously Presented) The apparatus of claim 46, wherein at least one 
management access template among the second or third management templates 
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comprises an identifier (ROm) of at least one role as an access attribute, and wherein 
the Management Verifier Component is further arranged to check whether the 
management order fits with the role. 

49. (Previously Presented) The apparatus of claim 37, wherein the 
management verifier component is arranged to determine whether a managed data 
object affected by an allowed management order is an access attribute in a 
management access template, and further comprising a management execution 
component, arranged to execute a management operation over the access attribute. 

50. (Previously Presented) the apparatus of claim 37, wherein the 
communication receiver component is further arranged to ; receive -an access request 
from one of the origin managing devices; 

wherein the management verifier component is further arranged to determine the 
first management access template; and 

wherein the communication sender component is further arranged to send an 
access response to the origin managing device that comprises an access attribute of 
the management access template. 

51. (Currently Amended) In a telecommunications system, a method 
implemented by a hardware-containing apparatus for mediating in the management of a 
plurality of managed devices from a plurality of origin managing devices, comprising the 
steps of: 

receiving a management order from one of the origin managing devices in the 
managed device; 

executing a management operation requested by the management order in the 
managed device; 

the step of receiving a management order comprising the further steps of: 
receiving a management order in a centralized management mediator; 
determining whether the received management order is an allowed management 
order by checking in the centralized management mediator whether content of the 
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received management order fits an acc e ss attribut e access attributes comprised in a 
manag e m e nt acc e ss tomp l ato so to d e t e rm i no whothor a rocoivod managom e nt ordor i s 
an allowed managomont ordor, tho managomont accoss tomplato bo i ng ono soloctod 
from th e group consisting of: a first management access template in relationship with an 
identifier of the origin managing device!!;]!, a second management access template in 
relationship with an identifier of a managed data object affected by the management 
order[[;]] A and a third management access template in relationship with an identifier of a 
managed device affected by the management order; 

granting the management order to be sent to a managed device if it is an allowed 
management order; and 

the hardware-containing apparatus is interposed between the plurality of origin 
managing devices and the plurality of managed devices so as to receive management 
orders from the plurality of origin managing devices and issue allowed management 
orders to the plurality of managed devices. 

52. (Previously Presented) The method of claim 51, wherein the step of 
checking the management order comprises the further step of determining, from the 
identifier of a management operation, at least one identifier selected from the group 
consisting of: an identifier of a managed data object affected by the operation; and an 
identifier of a managed device, affected by the operation. 

53. (Previously Presented) The method of claim 52, wherein the step of 
checking the management order comprises the further step of selecting a management 
access template, among the first, second, and third management templates, according 
to an identifier received in a management order. 

54. (Previously Presented) The method of claim 53, wherein the step of 
checking the management order comprises the further step of selecting a management 
access template, among the first, second, and third management templates, according 
to an access attribute comprised in another selected management access template. 
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55. (Previously Presented) The method of claim 53, wherein the identifier of 
the origin managing device comprises at least one identifier among: an identifier of a 
management server sending a management order; an identifier of a user operating the 
management server; and 

wherein the step of selecting a management access template comprises the 
further step of selecting the first management access template according to the at least 
one identifier. 

56. (Previously Presented) The method of claim 53, wherein the identifier of 
the origin managing device comprises at least one identifier selected from: an identifier 
of a management server sending a management order; and an identifier of a user 
operating the management server; and 

wherein the step of checking the management order comprises the further step 
of authenticating the at least one identifier. 

57. (Previously Presented) The method of claim 53, wherein the step of 
checking the management order comprises the further step of determining a 
management role associated to at least one identifier selected from: an identifier of a 
management server sending a management order; and an identifier of a user operating 
the management server. 

58. (Previously Presented) The method of claim 57, wherein the step of 
checking the management order comprises the further step of selecting a management 
access template in relationship with the role. 

59. (Previously Presented) The method of claim 57, wherein at least one 
management access template among the second or third management templates 
comprises an identifier (ROm) of at least one role as an access attribute, and wherein 
the step of checking the management order comprises the further step of checking 
whether the management order fits with the role. 
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60. (Previously Presented) The method of claim 51, wherein the step of 
checking the management order comprises the further step of checking whether a 
managed data object affected by an allowed management order is an access attribute 
in a management access template; and wherein the step of granting the management 
order comprises the further step of executing a management operation over the access 
attribute. 

61. (Previously Presented) The method of claim 51, comprising the further 
steps of: 

receiving an access request from the origin managing device; 
determining the first management access template; and 

sending an access response to the origin managing device that comprises an 
access attribute of the management access template. 

62. (Currently Amended) A computer program stored on a non-transitory data 
storage in a computer-based apparatus for mediating management orders between a 
plurality of origin managing devices and a plurality of managed devices in a 
telecommunications system, the management orders intended to execute management 
operations over the managed devices, comprising: 

a computer-readable program having code adapted to cause a computer-based 
apparatus to process the reception of a management order from one of the origin 
managing devices; 

the computer-readable program having code adapted to cause the computer- 
based apparatus to determine whether a received management order js an allowed 
management order by checking whether content of the received management order fits 
an a cc ess attr i but e access attributes comprised in a manag e m e nt acc e ss t e mplat e , th e 
managomont access t e mplate b e ing on e soloctod from th e group consisting of: a first 
management access template in relationship with an identifier of the origin managing 
device[[;]L a second management access template in relationship with an identifier of a 
managed data object affected by the management order[[;]L and a third management 
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access template in relationship with an identifier of a managed device affected by the 
management order, 

the computer-readable program having code adapted to cause the computer- 
based apparatus to send an allowed management order to a managed device; and 

the computer-based apparatus is interposed between the plurality of origin 
managing devices and the plurality of managed devices so as to receive management 
orders from the plurality of origin managing devices and issue allowed management 
orders to the plurality of managed devices. 

63. (Previously Presented) The computer program of claim 62, further 
comprising the computer-readable program having code adapted to cause the 
computer-based apparatus to determine, from the identifier of a management operation, 
at least one identifier selected from: an identifier of a managed data object affected by 
the operation; and an identifier of a managed device, affected by the operation. 

64. (Previously Presented) The computer program of claim 62, further 
comprising the computer-readable program having code adapted to cause the 
computer-based apparatus to select a management access template, among the first, 
second, and third management templates, according to an identifier received in a 
management order. 

65. (Previously Presented) The computer program of claim 64, further 
comprising the computer-readable program having code adapted to cause the 
computer-based apparatus to select a management access template, among the first, 
second, and third management templates, according to an access attribute comprised 
in another selected management access template. 

66. (Previously Presented) The computer program of claim 64, wherein the 
identifier of the origin managing device comprises at least one identifier among: an 
identifier of a management server sending a management order; an identifier of a user 
operating the management server; and 
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the computer-readable program having code adapted to cause the computer- 
based apparatus to select the first management access template according to the at 
least one identifier. 

67. (Previously Presented) The computer program of claim 64, wherein the 
identifier of the origin managing device comprises at least one identifier selected from 
among: an identifier of a management server sending a management order; an identifier 
of a user operating the management server; and 

wherein the computer-readable program has code adapted to cause the 
computer-based apparatus to authenticate the at least one identifier. 

68. (Previously Presented) The computer program of claim 64, further 
comprising the computer-readable program having code adapted to cause the 
computer-based apparatus to determine a management role associated to at least one 
identifier selected from: an identifier of a management server sending a management 
order; and an identifier of a user operating the management server. 

69. (Previously Presented) The computer program of claim 68, further 
comprising the computer-readable program having code adapted to cause the 
computer-based apparatus to select at least one management access template in 
relationship with the role. 

70. (Previously Presented) The computer program of claim 68, wherein at 
least one management access template among the second or third management 
templates comprises an identifier (ROm) of at least one role as an access attribute, and 
further comprising a computer-readable program code for causing the computer-based 
apparatus to check whether the management order fits with the role. 

71. (Previously Presented) The computer program of claim 62, further 
comprising the computer-readable program having code adapted to cause the 
computer-based apparatus to determine whether a managed data object affected by an 
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allowed management order is an access attribute in a management access template, 
and a computer-readable program code for causing the computer-based apparatus to 
execute a management operation over the access attribute. 

72. (Previously Presented) The computer program of claim 62, further 
comprising: 

the computer-readable program having code adapted to cause the computer- 
based apparatus to process the reception of an access request from the origin 
managing device; 

the computer-readable program having code adapted to cause the computer- 
based apparatus to determine the first management access template, and 

the computer-readable program having code adapted to cause the computer- 
based apparatus to send an access response to the origin managing device that 
comprises an access attribute ,of the management access template. 
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